Slashdot Mirror

← Back to Domains

Domain: mepis.org

Stories and comments across the archive that link to mepis.org.

Stories · 4

  1. The State of the Open Source Union, 2004

    Features · Debian · · posted by timothy · from the wide-angle-lens dept. · 211 comments
    Mark Stone writes with a thoughtful look back at the year 2004 in open source, pointing out both major gains and inevitable uncertainties. He writes "2004 stands out as a year in which open source consolidated its position as a valuable and accepted approach to business and technology policy. A less obvious but significant trend underlies all of this: even as open source business models join the mainstream, the open source development model remains a mysterious process on which large technology companies struggle to capitalize. Key issues and developments have played out in four areas: legal, policy, business, and technology." Read on for the rest. Legal

    The biggest non-story of the year was SCO's legal efforts. So far SCO has not been able to make substantial headway with a single one of its legal claims, and indeed has suffered a number of significant setbacks in court.

    This is certainly good news for Linux and open source. Going back five or six years, clearly one of the major obstacles to widespread adoption of open source software was the uncertain legal status of both the software and the licenses. While this aspect of open source is still an unfinished saga -- more on that shortly -- the inability of SCO, through either legal or PR channels, to undermine Linux gives reason for confidence about the future.

    The real story about SCO in 2004 has in fact been the telling of that story. While mainstream media coverage of SCO has varied widely -- sometimes accurate, sometimes resembling coverage of the OJ Simpson trial -- Groklaw has emerged as a steady voice of reason and objectivity adeptly defusing all attempts at "FUD" PR around the case.

    2004 has been, especially as an election year, a controversial year for the phenomenon of blogging. Whether blogging will provide a sustainable alternate voice in journalism is very much an open question. A few blog sites, however, have shown what a handful of dedicated individuals can do in the face of much larger, and better funded PR machines. Groklaw is an outstanding example of the positive journalism effect that blogging can have.

    The legal front brought other good news for the open source community. Norway's Supreme Court acquitted Jon Johansen, and the Norwegian Economic Crime Unit opted not to appeal the decision. In the United States the Digital Millenium Copyright Act still remains the law of the land, but the Recording Industry Association of America has made little progress in forcing ISPs to disclose the identities of alleged file swappers.

    A more troubling legal trend is the shift in debate about the intellectual property status of open source software. The principles behind the "copyleft" approach have gained continued acceptance, and have even been leveraged as an integral part of some business models. The debate now, however, centers more around patents that copyright.

    IBM has been out in front of the patent issue. Their open source license was the first to explicitly address patent licensing as an issue above and beyond copyright, and they've taken steps, even recent steps, to see that open source development is unencumbered by patent concerns. IBM is not the only company putting patents in the open source domain. Sun Microsystems recently announced they will make patents available under their recently approved Common Development and Distribution open source license (CDDL).

    All of this would seem to be good news for the open source community, especially given that Poland's objections have put a temporary halt to the Europan Union software patent initiative. Appearances can be deceiving, however. IBM is a supporter of software patents. Sun's gesture is in fact intended to create a competitive advantage for OpenSolaris over Linux, since the patent protection Sun offers applies only to work licensed under the CDDL -- in other words, not Linux. In a recent News.com commentary, Bruce Parens said, "So while claiming to make the patents available to open-source developers, Sun can sue folks who work on Linux rather than Solaris."

    The biggest patent concern comes from Microsoft. In a speech in Australia, Microsoft CEO Steve Ballmer claimed that Linux violated more than 200 patents. While this may be more hype -- or hope -- than fact, it does tip Microsoft's hand in terms of what tactics they are willing to use to meet the Linux competitive threat.

    Policy

    All other things being equal, customers prefer an open system to a closed one, and vendor choice over vendor lock-in. In the IT world in general, and between Windows and Linux in particular, all other things are not equal, which makes platform choice complicated. More and more, however, organizations are seeing Linux as a viable platform choice that

    • Lowers up-front licensing fees
    • Has the support and backing of significant technology vendors, whether small, medium (Red Hat), or large (IBM, Novell)
    • Avoids vendor lock-in at both the platform and application level

    These claims are independent of the more controversial claims about improving security and lowering total cost of ownership. 2004 has added an interesting additional element to the mix: the desire of government organizations outside the United States to not be dependent on a large, American technology company whose revenues exceed the gross national product of most nations.

    This software declaration of independence has taken several forms. Sometimes it seems simply to be a negotiating tactic to force Microsoft to lower prices. India may be an example.

    Sometimes, however, price is not the issue. Munich, for example, committed to making the switch to Linux despite direct lobbying efforts by Microsoft CEO Steve Ballmer. In the case of a high tech country like Germany, this decision is probably influenced by the reluctance to be dependent on an American company guilty of monopoly practices.

    The situation in the developing world is somewhat different. Unshackled by significant requirements of backward compatibility, emerging economies like Venezuela's have a chance to make a clean start and avoid what they perceive as the pitfalls and inefficiencies in older IT infrastructures.

    The policy approach in China is even more alarming to traditional technology vendors. China clearly does not want to build an economy dependent on outside production or services, whether it's factories or satellite launches. In the software world China has made it clear that it can and will build its own platform and application stack leveraging open source components, if that is what it has to do to maintain control of its software destiny.

    Business

    The North American market for computer technology has, in many ways, reached the saturation point. A Pentium 4, to say nothing of a 64-bit processor, is already overkill for most office desktop applications. Older versions of the Microsoft Office suite, and older versions of Microsoft Windows, are often quite adequate for business productivity needs. The problem for traditional technology vendors is aggravated by the fact that Linux, Open Office, and other open source software may now be good enough.

    On the one hand this accounts for why policy issues and the international technology market have become so important: this is where technology vendors see the biggest opportunity to grow new business. On the other hand, open source is forcing some significant changes in the software market domestically.

    The most visible effect of open source has been the commoditization effect. Microsoft, as we've seen, has been forced to acknowledge the competitive impact Linux is having, and to cut prices overseas in response to this competition. Yet even companies like BEA acknowledge that open source will have an increasing commoditizing effect, meaning that they will cede lower levels of the application stack to freely available open source software and seek to add value further up the stack.

    The most dramatic concession to commoditization in 2004 has been the announcement that Sun is open sourcing Solaris. Said one Sun executive who asked to remain anonymous, "Do you think we'd be open sourcing Solaris if we had any other way to compete with Linux on price? Of course not."

    If anything, the opening of Solaris reinforces that Sun has been unable to find a business model built around Linux. Given that competitors like IBM and HP have, with varying degrees of success, been able to integrate Linux into their business models, one suspects that there are deeper problems at Sun than the opening of Solaris can solve.

    The bottom line is that Sun is still trying to compete with, rather than embrace Linux. The CDDL doesn't extend patent protection to anyone working under a different open source License, and the CDDL is incompatible with the GPL, meaning none of the Solaris code can be used to benefit Linux.

    This move, of using a license as a competitive tool, is one of the more subtle but more important business trends to emerge from open source in 2004.

    The most common approach is a dual-licensing scheme, utilized by Trolltech (for Qt), Sleepycat (for Berkeley DB), MySQL, and newcomer db4objects, among others.

    In each case the company makes its core product available under the GPL, or else under a similar viral-type license. Since each of these software products is intended to be embedded within or combined with other software to create a derivative product, companies are forced to make their own product available as open source, or to approach the originating company about separate licensing under proprietary terms.

    The result is a very low-cost distribution mechanism for the open source companies, as well as a cheap in-bound sales channel of pre-qualified leads.

    Of course, to be able to dual-license, you must have created all the code in question, or have full rights granted to you for all the code in question. Thus this very successful open source business model is incompatible with the open source development model; each of the companies using the dual-license approach does all, or nearly all of their software development in-house.

    Technology

    What then of the open source development model? Has it enjoyed the growth and widespread acceptance that open source business models have?

    Certainly 2004 saw a number of significant releases for open source projects. GIMP 2.0 was finally released, as was Gnome 2.6. Large companies as well as individual projects made strides. IBM announced the release of its Java database, Cloudscape, as open source. Novell released SUSE Enterprise Server 9.

    The year's most significant releases were the 2.6 series of Linux kernels, and the 1.0 release of Mono. With 2.6, Linux now has many of the features needed to compete as an enterprise-class server: better multiprocessor support, failover and hot-swap support, better journaling file system support.

    Mono is absolutely critical if the open source community is to compete in the application development market. C# and .Net will be important application building blocks for the forseeable future, and Linux and open source need to be viable approaches.

    The Debian Project has undergone an interesting evolution in the last year. Long-time Debian users have often complained about the slow pace at which Debian moves, favoring security and stability over feature growth. The result is a very solid server system, but one that, for the end user, often lacks support for advanced hardware.

    The solution, which seems so obvious now, is independent distributions that leverage Debian as a base but target the end user with ease-of-use features and hardware-support features that have yet to make it into Debian. Two successful projects heading down this path are Ubuntu, which follows the Gnome approach to usability, and Mepis, which follows the KDE approach to usability. Either distribution will give you an easy install, access to Debian packages and apt-based network updates, but with more advanced hardware support and an improved UI over stock Debian.

    By far the biggest development story of the year, however, has been Firefox, the browser component of the Mozilla project.

    Timing is everything. Security, privacy, and spyware have become major concerns in 2004. Microsoft has refused to significantly update Internet Explorer (IE) until Longhorn is released, which could be in 2006 (as in "Santa Claus could be real"). The Mozilla Foundation capitalized on this opportunity with a major fundraising blitz for the foundation and PR blitz around Firefox; this included a full-page New York Times ad.

    In November, Firefox 1.0 was released, and to date downloads exceed 10 million. Mozilla has raised over $250,000 in its fundraising campaign. While IE's market share still hovers around 90%, Firefox has rapidly grown to 5% market share, and put a dent in IE's market share for the first time in years. Industry analyst Gartner Group has looked at the results of 2004 and declared the browser war open again.

    Looking ahead to 2005, it's interesting to ponder the tech sector's differing response to open source business and open source development models. The business models are reasonably well understood and generally accepted now. Not everyone is leveraging open source as a business play, but everyone understands it is one viable strategy to pursue.

    On the development side, however, the results of open source continue to confound the establishment. Why did no one see the Firefox phenomenon coming? Equally important, why isn't anyone (AOL) attempting to leverage Firefox's market success and technology advantages?

    With Solaris, it's interesting to note that even supporters of OpenSolaris admit it sees no real development savings to opening Solaris; the benefits are all on the marketing side. Ben Rockwood blogs "It's going to take Sun more work to maintain it open source than it will to just leave it closed."

    Yes, open source has become mainstream. But that mainstream presence needs to be more than a commodity benefit to companies willing to leverage the results of open source. Will mainstream technology companies figure out how to anticipate and collaborate with open source development as a deep part of their technology strategy? That's a big question that 2005 may answer.

    Mark Stone is an open source consultant and freelance writer living in the Sierra Nevada region of Northern California. He can be reached at mark.stone@gmail.com.

  2. Microsoft's Martin Taylor Responds

    Interviews · Microsoft · · posted by Roblimo · from the we-love-everyone-and-everyone-should-love-us-too dept. · 627 comments
    We passed on your requested questions for Martin Taylor, Microsoft's global general manager of platform strategy, and we got a slew of them. Instead of emailing your questions to Martin, we did this interview by phone and added in a few follow-up questions. You can listen to an MP3 of the call, read the transcript (below), or both.

    Roblimo: Ok, this is Robin 'Roblimo' Miller of Slashdot. I'm on the phone with Martin Taylor of Microsoft. How are you doing today?

    Martin: I'm doing great. I'm very excited to have a chance to talk to you. I know that we've been trying to get together for quite a few months now. So I apologize if my schedule has made it difficult. But I'm glad that we're finally getting it done.

    Roblimo: Me too. At long last. (Martin laughs) We have questions which are all from readers. The first one is from Greyfeld - Slashdot user 521548 - and he asked, "Have you ever used Linux? For what purpose and what was your personal experience using Linux?"

    Martin: I actually have a couple of machines here in my office that are running Linux. It's mostly just to take a look at what works and doesn't work. We also have probably about a hundred or so servers running, you know, Red Hat, SuSE, Debian, Gentoo, you name it. So, you know, we can take a look at how things work and do some comparative analysis and things of that nature.

    My personal experience? I use some earlier versions of Linspire and Xandros, and as an end user that is not as technical as some other people, I would say I found it somewhat challenging, downloading and installing some applications and getting Internet access through our proxy server and some of those things.... device plugging in and plugging out was not quite as seamless as I thought they might be. However, I would say the basic user experience of clicking and moving around and things like that, you know, was fine.

    Roblimo: Ok. This is a follow up. Askadar asked what is Linux doing right? "I assume that you must have evaluated Linux. While doing that, what did you find about Linux that you think is good?"

    Martin: I think a couple of things. One, you know, for the user who really wants to really tear things apart, do things on their own, build their own distribution, they really have, obviously, that level of source code access where they can do things like create a customized distribution with a very, very small footprint with only what they want and not a bunch of other things. You know, Linux is attractive to that class of a user. Linux is attractive to, let's say, Google - a large company that really wants to build a big server farm. They want to hire quite a few very talented engineers to really tune that on a daily basis and things of that nature. So I think that when you get to like specific niche areas and those areas where people really want to get deep on their own and take on a lot of that responsibility on their own, you know, I think Linux is attractive on those scenarios. And obviously that's where you see a lot of the market pick up on Linux on that basis as well.

    Roblimo: OK. Lets move on to a different question. This is from your favorite Slashdot poster and mine, Anonymous Coward. This is a question that didn't make the cut, but, I assume... Do you read Slashdot?

    Martin: I do. I probably go to Slashdot at least a couple of times a week, but depending upon the news of the day, the news of the week I might be on it multiple times a day. (Roblimo Laughs) Because it depends on what's happening in the world in same way that I would go to MSNBC on big news days and small news days, lets just say.

    Roblimo: I understand. This is an Anonymous Coward's question. When Microsoft seems to tout its desire to facilitate interoperability, do you mean interoperability seamlessly between your operating system and environment with alternative systems such as Mac OSX, Linux, Sun Solaris, etc? Or, do you mean interoperability between Microsoft products?

    Martin: Yeah, I actually look at two things. I actually call Microsoft products working well with other Microsoft products, firstly, I call that integration. A little bit. I don't know if these are defined terms in any Microsoft textbook or Slashdot glossary. I don't know but...(Martin laughs).

    Roblimo: We don't have a glossary. We're not that formal.

    Martin: But personally, you know, I say hey, you know, when I think about Microsoft products work with another Microsoft product - I look at that as more integration. How well those things work together. And then I look at interoperability as Microsoft products working with non-Microsoft products. And, I think we work really hard to facilitate something. You can go all the way back, let's say, to integrating with Novell days where we wrote our own Novell client, we wrote our own IPX/SPX stack to allow us to integrate with Novell servers.

    Roblimo: What about now though?

    Martin: And then, bringing it all the way forward. Even now, with SMS... to allow us through OpenWeb ... to get to Unix and Mac clients and Mac servers and Unix to Linux servers to manage those things, distribute those things. I look at the work that we've done with Services for Unix that allows us to integrate with Unix to Linux environment - NFS gateways, NFS hosts, NFS clients. So I think that we can really look around and say, what are the things that we need to do to either partner with our clients like in the (Gnutella - not clear) case or like in the services for Unix case... find a way to interoperate in different scenarios.

    Roblimo: Another question none of the readers asked but really dovetails here. Are you willing to cooperate more closely with the Samba project than you have in the past?

    Martin: I think that we're always open working with people in a variety of different levels to make sure that, again, that we can work well together. Now, I would say that most of the things that we do from an interoperability perspective are driven more by customers and less by industry, meaning that when we have customers say, "Hey, we need these two things to work together and then," you know, that's where a lot of our (Gnutella?) projects and channel partnerships come to play with that Unix to Linux integration. That's the work that we're doing with Services for Unix and some of those other spaces. We won't say no to discussing things to anybody but at the end of the day we're gonna really work hard to do what the customer asks us to do.

    Roblimo: Next question, from ProteusQ, Slashdot user no. 665382. He's asking about protection against malware and he's asking you Martin Taylor, "What applications do you run to protect your windows license from malware (viruses, trojans, spyware, etc.) and what do you pay for this protection for a year? How does this cost compare to the costs incurred by other Windows users and compared to what you would pay for the equivalent protection offered in Debian?"

    Martin: Got it. So first of all I actually run, obviously, Windows XP. I run XP SP2. I also have downloaded the beta of the spyware product that we recently, one of our recent acquisitions, into a combination of XP SP2 and spyware product that I downloaded. That's pretty much how I protect in running both my desktop pc or my laptop I use here at Microsoft as well as the 3 PCs that I have in my house - a very similar configuration.

    Roblimo: How much would these add-on programs cost you? People like you and me, lets say, as a journalist, I too can get free software from anybody. What would it cost you as a regular user?

    Martin: Well today, XP SP2 is free if you're a genuine or a valid Windows XP user. It's just a matter of downloading. And today the spyware product that I've downloaded is also a free beta and we've not announced any pricing terms or plans for the product as of yet. So everything I'm using today is free.

    Roblimo: Ok. And this is all the protection you need?

    Martin: It's all that I have today and it has served me pretty well so far. But I'm hesitant to say its all that I need because I feel, I would be honest to say, that I'm probably not as deep in terms of really analyzing everything that I need but today I have not had any major problem in any shape or fashion with the current configuration. The spyware technology or the anti-spyware technology, I should say, helps me a lot and that was one of the biggest gaps, I would say, in my desktop profile. And, you know, in the spirit of full openness, before we had the spyware technology when I bought a Dell machine for at home for my wife, we actually had, I think, there was some Norton tools that shipped with that PC and again there was no extra charge for that, you know, maybe Dell bundled it into the price, I'm not sure. But I have not personally had got to go out and purchase or download and pay for any additional security product at this point.

    Roblimo: Ok. Question that I'm gonna have to ask you personally. This is not from a reader that will segue into the next reader's question. Obviously I run Linux.

    Martin: Real quick, what do you run? What version do you run now?

    Roblimo: I run MEPIS, which is essential Debian. And right now the browser I have open is Firefox.

    Martin: Got it.

    Roblimo: So I don't have all those popups and things. How do you keep from seeing popups?

    Martin: Windows XP SP2, we have a popup blocker, part of that update to Windows XP that allows me to, you know, deny popups, but also give me a pretty functional bar where I can right click on it when it tells me something has been blocked if I need to see that popup because then, as you know, mini web sites might have the type of transaction engine where they do have something that might appear to popup that you need to get the information to continue whatever transaction you're driving on that website and so...

    Roblimo: Firefox has that too.

    Martin: Yeah but I'm saying that's what I use - Windows XP SP2.

    Roblimo: Here's a related question from Doug Dante. He's asking about open source applications helping Windows compete. "To what extent are open source applications on Windows helping it to be more competitive versus Linux? For example," he says, "I immediately install OpenOffice or, Firefox, and Thunderbird over a virgin Windows install?"

    Martin: Yeah, I'm sorry, I heard the initial point saying, "How do open source projects help Windows compete?" I'm not quite ... Repeat the question again. I missed that ...

    Roblimo: What he's saying... I'll turn his question around from the way he wrote it.... He's saying when he installs Windows, he takes a virgin Windows install and immediately adds OpenOffice.org Firefox, and the Mozilla based Thunderbird email programs to it. And he's asking, How are these helping Windows to be more competitive versus Linux?"

    Martin: Yeah, I guess I don't look at it that way necessarily. I don't look at it saying, "Hey, are there great open source projects that are available on Windows?" I think, let me try to paraphrase it and answer it. I think what he's saying is hey, the new breed of applications available on SourceForge(.net) and open source application, you know, are they making windows become more relevant or helping it compete against Linux, because at the end of the day Windows and Linux are just operating systems and the application stack above that that allows them to be for people to choose. Is that a fair way to look at it?

    Roblimo: I would say yes.

    Martin: I would say I don't see from that perspective anything different today than yesterday. We've always had a pretty good, let's call it, an application catalog some written by us, most written by everybody else. And so in some way you can say open source as a development model just created a bunch more applications that all can run atop of Windows. And so, you know, people are always shocked by this. They don't know that there's literally over 10,000 projects up on SourceForge for the operating system alone - just for Windows 2000 and Windows XP. And, you know, you can go to SourceForge and browse around and you'll see quite a few applications out there. And that's actually, you know, I'm gonna extend the question a little bit if you don't mind.

    Roblimo: Go ahead.

    Martin: One thing that really frustrates me a little bit, and you can say this is partly because of us at Microsoft and hopefully we're getting better here, is that people try to position us as Microsoft versus open source. I really don't view the world that way and I know that we don't view the world that way. I think that we view the world saying, you know, take OpenOffice. We think Office, the product that we have, is a great product and we want to make sure that we can show that product in a value offer over OpenOffice.org. Or over OpenOffice or StarOffice every chance that we get. That doesn't mean that we are anti-open source. It means that we think we get a better product compared to that one. Whether that came from open source model or proprietary development model. The same way that we look at Corel or what you still look at - AmiPro or WordPerfect or whatever. And so, you know, to close outthe question. So, yeah, there's application code written for Windows, you know, and underneath the open source model if its licensed underneath the GPL, the, you know, different types of licensing models and open source, then great, God bless them and Godspeed, and that increases the application platform availability that we have.

    Roblimo: I'm gonna ask you sort of a question in here that's not in my original list. And I'm actually looking on Slashdot right now. For, again, that you just really led me into, and even if I don't find the exact question I can paraphrase it.... There were over 1,000 comments, you know, on this interview call for questions.

    Martin: About midnight last night I was anxiously reading Slashdot. And I was wondering where you're gonna take me, Roblimo. And so, yes, I read everything as of midnight last night, I read every single thing. I think 1,096 was the number I saw at about midnight.

    Roblimo: Crazy, crazy. See, you're loved. Everybody loves you.

    Martin: But I love everybody. (both laugh)

    Roblimo: Anyway the gist of the question is... I can't seem to find it... there are so many. I've got to cut to just plus five questions but there's fifty-some of those. This one was asking about the chronic Fear, Uncertainty, and Doubt thing, if it's true that Windows and Microsoft products are that much better, why do that? What's the point? Isn't that like Ford spending their time knocking GM rather than just using Ford?

    Martin: I think I know what you're referring to based on some of the stuff that I read last night. And so if I can and you can say I'm cheating, I don't know. But let me kind of, sort of, aggregate about eight or ten different postings I saw last night that kinda speak to that. I think the real...

    Roblimo: That's what we're trying to do here.

    Martin: They're fresh in my mind, I remember them all, so let me tell you kind of what I heard or what I read last night in aggregate. Pretty much saying, "Hey, why have this get the facts campaign if your products are better as you suggest they are in different categories and why do you feel the need to tell people that they're better...

    Roblimo: No, that's not the question.

    Martin: Ok.

    Roblimo: Why do you, not from you per se but from some of your co-workers, from Microsoft executives, seem to lash at virulently with anger against Linux and open source?

    Martin: You know, on this one, I actually think that we've made a lot of progress and so let me be very open with you and kinda give you what I feel is history and I love your read on this as someone who watches us and watches the industry and the things that you do over the length of time you've had. I would say years ago we did not fully understand - I'm speaking aggregately as a company - did not fully understand Linux and open source and so whatever you're dealing with something that is a bit of unknown, I think it's natural to have somewhat of an emotional reaction to that. And also if things didn't quite make sense to you, when you thought people might be acting somewhat irrational, then again it led to somewhat of an emotional response in some ways. And so I think that was the early view. I would also say, you know, that it's a shared responsibility issue because, again, as an avid reader of Slashdot, I would say that many of the folks who participate on Slashdot are somewhat... viceral.

    Roblimo: Really! What might have led you to that belief, sir? (laughs)

    Martin: And their feelings towards us. And so I think that there was a point where we both maybe kinda at each other a little bit. I think that we need to get past that to the point where everyone benefits from a more constructive, pragmatic dialogue to the point where, you know, it's not an emotional thing saying Linux is bad or open source is awful or those types of things, but it's a more pragmatic customer oriented thing that says "Hey, here's why I think we've got great value added here, here's why I think we have a better TCO story. Here's why I think that our integration ..."

    Roblimo: Let's move on to a TCO question. It's where you gonna go anyway..

    Martin: No, no, no. I was basically gonna say...

    Roblimo: No, no I have a question about TCO.

    Martin: Hold that for one second.

    Roblimo: Ok.

    Martin: So I think that we've come a long way from where we were years ago. Can we handle everybody on every comment everyday? No, but I think in aggregate, and I hope you would agree, what you hear coming out from Microsoft is a the different tone than you heard three years ago.

    Roblimo: A compassionate, proprietary software company. (laughs). Alright let's talk about ...

    Martin: (Laughs). That's a good tag line, I have to pay you if I use that in my next PR speeches?

    Roblimo: Absolutely, pay me what it's worth, namely zero. (laughs) Here's RailGunner who's a registered user no. 554645, he wants to talk about Windows TCO versus Linux TCO. And he asks, "Why do you claim Windows has a lower Total Cost of Ownership yet you do not add the cost not incurred by Linux and FOSS beyond open source software of a Virus Scanner, Microsoft Office on the desktop or IIS/SQL Server on the server, plus the damage that is done by such worms as the Blaster and Slammer?

    Martin: Yeah, so it's kind of a two-part question. The first thing I would say is, you know, when you go take a look at the Total Cost of Ownership of studies that were done both by Forrester, by Giga, by IDC and by some of the other analysts, they go to the entire solution. Some of those solutions do have some level of Web server and application server as part of it and some are more than just simple workload scenarios. I think that rarely do we say Microsoft gives you lower Total Cost of Ownership." I think what you'd find us really saying when you get to the next level is "Hey, for this solution, for this scenario, this set of products compared to these other set of products, Microsoft can deliver lower Total Cost of Ownership." So it's really more of a product and a scenario based thing to take a look at, and then all those elements that come into play there. So that's the first thing that kinda covers the first part. The second part you mentioned was the notion of how you account for, let's say, some of the security issues from that perspective.

    Roblimo: They never seem to be included, right. In the studies that I've read - believe me - I've been to all the Microsoft market materials and independent studies. Independent studies done by companies which are supported at some point by Microsoft, however, I must put a disclaimer that Microsoft is a major advertiser on OSTG - and we thank you for your support.

    Martin: And these kinds of companies are also supported by IBM and HP and Red Hat and other companies as well because of kind of the way that our industry moves. All that being said, so, on the second part, we've been looking for way on how you model that out. Yeah, how do you model out what you do about security. Yeah, you could always do, let's say, the analysis post-hurricane, and take a look at, "Ok, what were the damages based on this scenario?" But that really doesn't give you a view of Total Cost of Ownership or anything like that, so we've been trying to find a way to model out, let's say, Total Cost of Security, or something like that where you can be somewhat predictive. But it's incredibly hard to do and so, you know, I'll ask our wide community of Slashdot users - if someone out there has a model where they can do some type of predictive modeling, because that's really what it's about, it's about predictive modeling on what will the cost be over the next three to five years. How does that look? You know, I'd love any input and guidance, but I know some of the analyst firms are also grappling with this idea, as well.

    Roblimo: And most of these people read Slashdot too...so you will get answers.

    Martin: So,you know, we'll figure this out at some point in time but the way to do that is not to say, "Look, we spent X amount of money to due to Blaster, you know, so now I think now the right thing to is ask, "Hey, what does it cost us to design a secure environment? What does it cost us, you know, to innoculate our environment? What does it cost us from a people resource perspective to build the right redundancy required should something happen?" So those are the costs that... I think you'd want modeled out and look into when looking at Total Cost of Security from that perspective. But I could be wrong and I'd love some feedback.

    Roblimo: You'll get it. And here's sort of a question that I pulled out of one of the thousand-worders that was cogent... This is a theme that runs throughout the TCO studies that Microsoft boosts. He asks us, "Do Linux geeks really pull in that much more money salary-wise than Windows geeks?" That's a common theme - that it costs more to hire a Linux admin. And he says, "I find this claim hard to swallow especially in today's economy."

    Martin: OK, well. This is kind of a my-word-against-your-word thing that I don't want us to get there. But I just hired 16 Linux consultants for a project I'm doing. And I asked the company that was doing the hiring to actually - I also had to hire 16 Windows and .NET architects as well. No question that 16 Linux guys I hired cost me a lot more. And it's just a matter of, its just economics - its simple economics. There's way more people out there that I know that might be unsettling for our friendly Slashdot readers.... I don't mean this a bad way... But in all honesty, there's way more guys out there that know Windows than know Linux. That's just the reality.

    Roblimo: Is it possible that it was just hard to find Linux-skilled people who are seriously into it... skilled people who are willing to work for Microsoft?

    Martin: It wasn't a, it was a third-party. They didn't know that they were working for Microsoft.

    Roblimo: Ahh. Ok.

    Martin: I had a third-party go out there to hire 16 topnotch Linux developers/architects and 16 topnotch Windows architects so I could do some comparative studies on some work that we're doing. And no one knew that Microsoft had anything to do with this in terms of hiring people to work on this.

    Roblimo: Interesting.

    Martin: And so anyway, again, its less about that. It's more about the fact that, hey, there's just less skilled people out there, you know, in aggregate, in our IT population. And so, I think, that's the big issue.

    Roblimo: Ok. The salary thing does contradict what I see here in Florida. But aside from that, again like you say, you know, I've seen two thousand salary surveys and three thousand answers.

    So, here's another question - very different - about Microsoft - breaking it's own software from Aim Here (765712). "All these serial number checks, dial-home schemes, registration schemes, digital "rights" management schemes, crippled 'starter' versions of Windows, and now all sorts of anti-piracy checks whenever someone wants to patch their Windows box - Microsoft spends an awful lot of time and effort deliberately making sure their software doesn't work unless the customer jumps through the appropriate hoops. Aren't you worried that this continual (and increasingly intrusive) process of deliberately breaking and/or crippling your own software is going to alienate some of your customers and make them feel like criminals, particularly since the makers of the free software operating systems that you're now competing against have no need of any of it and can concentrate all of their resources on trying to make their software work?"

    Martin: OK. You said a lot there. I won't cut and parse through that early part.

    Roblimo: Bottom line is, here I am running Debian and if I decide that I want to add three more computers, I will take the CD and slap it on, end of story. And my net cost for a complete desktop is zero and I don't have to register it. I can't do that with the one instance with Windows that I do have, I can't slap it into another computer.

    Martin: A couple of things. One, I would say when you look at commercial companies now they adopt and deploy Red Hat and the commercialized distribution.... There is a registration process if I want to install Red Hat on another server and has support for that server. Yes, I can go freely copy it wherever I want, but if I want to have supported servers as most organizations do and/or supported desktops, there is a registration process. So I think that we don't look that dissimilar in our model of, you know, asking people to register or at least, you know, fill out/verify the legal copy that they are using.

    The second thing I would say is, one thing that I wasn't sure from the statement that was made by, I think, Aim Here, was that "we require people to go through hoops in order to patch those systems." That is not the process today. Today if you're running on Windows and you need a security patch, you know, there is no additional hoops or things you need to go through in order to install a security fix for your technology today. So that was a little bit weird as well. And again, and lastly, I think we're working super hard to make whatever this process is incredibly seamless. You know, I, again, I recently bought a Dell computer for my wife at home and it was literally seconds that it took it to go up to Microsoft.com, verify its ID and then come back down.

    So I think that, you know, what you're going to begin to see is the continual evolution of kind of a community-to-commercial approach that's happening in the Linux, or, let's call it, really, the distribution world. Because, yes, you'll always be able to install, you know, Debian or something like that on a million machines if you'd like. But again, as things become more commercial as they are with the Linux distributors, you'll see similar processes in place because that's the only way that they can verify users so they can offer them a support model.

    Roblimo: So what you're saying is that you have to register for support with Linux.

    Martin: I mean, I'm not an aggressive Linux user as some of our Slashdot audiences are. But the servers I have running and the desktops I have running here, I do have to register those with Red Hat to be in agreement with my Red Hat support agreement.

    Roblimo: OK. Not everybody uses Red Hat.

    Martin: No... Most commercial customers that I've talked to primarily use Red Hat or SuSE as their distribution for commercial customers.

    Roblimo: OK... Let me ask... Let's move on here. We have, really, two more questions and this is the last long one, from JimmytheGeek ... (laughs)

    Martin: I'm worried already.

    Roblimo: He's been around for a while on Slashdot user number 180805. And he's saying, "One of the myths about Windows is that there is a company behind it you can hold responsible for flaws that impact an organization." "But," he goes on, "if you read the EULA, the End User Licensing Agreement, of any Microsoft product, even an update, it disclaims any responsibility whatsoever. They specifically avow that they are not fit for any purpose. So what's up with that?"

    Martin: Yeah, this is a broader conversation, a broader question. I actually read this question last night as well from Jimmy.

    Roblimo: I've read the EULAs. I'm the only person you've ever met who's probably read every single licensing agreement for every piece of software he's installed.

    Martin: There's a couple of lawyers that we have here that read quite a few EULAs as well.

    Roblimo: They are sick, too....

    Martin: (laughs) Nevertheless, there's a couple of things. First of all, I would say, really when we talk about the kind of accountability and standing behind it, there's a few things that we reference there and where we spend our time. One is, for commercial customers, you know, how we can provide this level of roadmap, this level of ownership and all these types of things today on that perspective, let's just call it from the general support perspective, and how that works. I mean anyone will agree that Red Hat or IBM or even Novell with SUSE, they can only take, you know, things to a point at the end of the day, because at the end of the day they don't own the kernel, they don't take the final decision on what's in or what's out of 2.6...

    Roblimo: Well, no, they can modify it however they want.

    Martin: No, of course but when they do, then you could be on a different path, or you can be on a different path or fork on a different tree, but essentially they start with what level of mods that they do. And so the point of that is to say, "Hey, we have that all the way in the end level of ownership where we can deal with that."

    The bigger issue that comes up of this accountability issue is around this notion of indemnification and protection. This notion of "Hey, I can tell any one of my customers, if there's any issue from an IT perspective, you know, patent, copyright, trade secrets..." Microsoft fully takes care of you and we extended all the way down to any end user where that wasn't a part of our normal EULA. As of November we made that change as well - EULA being in the End User Licensing Agreement. And so I think that's the issue where a lot of accountability come into play. But how do the vendors, or how do the distributor or software provider fully protects and indemnify any customer that is using their software from ...

    Roblimo: I don't think that's the question that we're trying to ask. He says, and I can give you the full thing.. "Open source licenses usually have the same thing, but those are generally free products. You guys have taken in a couple hundred billion. Plus, we can use the code as we like. So you can't claim any kind of equivalence." So I think what he's talking about is the one big glaring thing - that Microsoft in those EULAs does not claim the software is fit for any particular purpose or that it will work, essentially.

    Martin: Yeah, I don't think we quite ... it won't work. I don't know ...

    Roblimo: No, for any given purpose.

    Martin: C'mon Rob, I know that's the broad surface. Go read Red Hat EULA and Red Hat will pretty much say, "Hey,we can't guarantee anything with the software either." I've read it. Read their filing statements. It's the same thing, right?...

    Roblimo: Well I use a different variety of Linux, perhaps...

    Martin: Right, so I think it's impossible for any software provider to say categorically their offer can do any single thing that you ever want to do in the world. Right?

    Roblimo: Mmmmm, yeah, but it's always been an amusement part, you almost have to laugh...

    Martin: Fine, so it's fine that people can have good sport with it, but when you get down to the kind of the brass tacks at the end of the day, again, I don't know any software provider that says, "Hey, our software can do anything in the world that you want to do, so go do it."

    Roblimo: There's implied fitness in most products, like, if I were to go buy a Jeep Cherokee - I have one - there is an implied fact both by their (being on) sale and the FTC forces them... and other government agencies force them to imply that it's safe to drive on the road, or reasonably. Not that it's safe for me to drive drunk with no shoulder harness and go crazy at 120 miles an hour, but that it's fit for the purpose of being, you know, a transportation device.

    Martin: Right.

    Roblimo: And this is something that, you know, again, maybe the software industry in general needs to work on, wouldn't you say?

    Martin: Yeah, I would actually take us up on that. This is not a Microsoft specific issue, because I don't think we're that unlike any other commercial software provider, you know. And with regards to that, it's probably easier to make fun with us than anybody else. But nevertheless...

    Roblimo: One last question that you sort of touched on earlier... Augustz - with a "Z" on the end - asks this very bluntly: "Are Google morons given that TCO is significantly less for Windows than Linux?" and his reference is the Microsoft advertising and "Get the Facts" literature. "Are the folks at Google morons for using Linux? They use a lot of computers, and TCO has got to be important to their environment."

    Martin: That's one of those, let's call them niche environments where I would say, I'd personally... Well, let's be honest. Your average commercial company will not pay for the staff that Google has to run their engine. I mean, they hire quite a few very senior, very technical people to do a very specific function. And from that perspective, they're very different from your generic IT scenario. Most companies, I mean, given that most companies are not technology companies, most companies that I talk to, they're not in business to hire a whole bunch of people to drive a stack of servers. They're in business to, you know.. they are airline companies that put people on planes. They are soda companies that to get people to drink. They are news companies like Slashdot to get people news. And so, anytime that they can reduce the complexity of their environment and not have to hire people to manage or maintain that, that's a good thing for them. And so, I can tell you that again that's a different usage scenario in terms of how they've optimized around that based on a more general purpose scenario.

    I'm not gonna go and say "Oh my God, they're crazy, they're gonna have an incredibly high cost of ownership because of what they've done. I also not going to go on record to say that they could go to Windows servers and their TCO would drop in half. Again, as I said earlier, when we look at Total Cost of Ownership it's by solution, by scenario - not a broad, sweeping all-things-are-made-of, all-people-type-of-statement.

    Roblimo: That's all the questions I have planned. Are there any we failed to include but we should have?

    Martin: No, I'd say as I read last night, there were some that we probably can never talk about publicly because... (both laugh) which was fine. But I have their names and emails myself so I can answer them. And then there's some kind of around this whole "get the facts" thing and I do maybe, in closing, want to talk about that a little bit, if that's ok.

    Roblimo: Go right ahead.

    Martin: Let me give you a little bit of history on kinda why I'm doing what I'm doing the way that I'm doing it. You know when I joined, I tried to go figure and work on some of this, I was amazed at reading Slashdot and reading some other things... just how aggressive people were on Microsoft isn't this, Linux is this. But it was (usually) grounded in one instance meaning, "Hey, I did this one time and here's why I think one or both or neither are better or good or bad," or it was just not grounded at all on any level set of data.

    And so a big push that I wanted was to just get the facts, and say "Hey let's move this out of an emotional, aggressive discussion and let's really kind of have it based more on a practical, pragmatic discussion." Actually I even got that from customers.

    I'm not a deep, deep technical guy, I'm not a deep, deep industry guy. I spend more of my time talking to customers, trying to structure the work that I do based on what they ask. And customers are asking, "Hey, can you help me understand TCO, Microsoft versus Linux for this scenario in the work that we do? Which of these technologies... help me understand this or that..." And that's the kind of work that we do.

    And so, if you read the details, which I'm sure you have, if not, we're not 100% favorable to Microsoft. There are some things in there that say why Linux is good, there are some things in there that say why the Web work load, one of our older studies, you know, gave good TCO for Linux and Apache against IIS 5.0. So there are things out there, and I try to be as transparent as possible on all of those types of things. I mentioned earlier about another company, I used another company to hire these people, I didn't want to bias the study in any way by people knowing Microsoft was hiring these engineers, so I had a third party hire them. And, of course, once everything is done, everything is transparent, so you can see everything in terms of the server configuration, who we hire, you know, how the whole thing works, but there's a deep level of transparency that I try to provide.

    But again, on that one that I mentioned, I wanted to make sure that they weren't biased because I was hiring them. So I work really, really hard to make sure we don't bias these things and they're aa pragmatic as possible. And so, if there are topics that, you know, people think we should undertake... again, I hear from customers all the time, and that's what we spend time on but, you know, I'll keep reading Slashdot, and when people post stuff and issues into them, then we'll take on some of those discussions and challenges as well.

    Roblimo: I'll tell you what, here's an open invitation that's a good idea. When this is posted, there will be discussion. Do you have a Slashdot login?

    Martin: I do not have a Slashdot login but I feel bad about that, and so as of tonight I will have one. Will it cost me any money?

    Roblimo: It will cost you just as much as Debian Linux and all the software on my desktop.

    Martin: Oh that'll cost me a lot of money to manage and maintain but... Robin, Oh no, no, you can leave it alone. It just works (laughs) In other words it will cost you nothing.

    Martin: No problem. So I will get a Slashdot account tonight.

    Roblimo: I'm saying you're absolutely welcome to jump into the discussion, and I think your participation will be very valuable.

    Martin: Got it.

    Roblimo: So, thank you so much for your time. This has been, as always, a pleasure.

    Martin: Ok Rob, thank you so much, and I apologize for taking so long to do this and I look forward to maybe doing it again. Ok?

    Roblimo: I love it.

    Martin: Ok, thanks. END

  3. Stop Christmas-Gift PCs From Feeding Worms

    It · Security · · posted by timothy · from the cognitive-dissonance dept. · 416 comments
    An Anonymous Reader writes "If you recently set up a new PC with Windows XP, or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches. Well, help is in sight. The SANS Institute released a paper entitled Windows XP: Surviving the First Day." (Read on below.) Update: 12/24 17:59 GMT by T : Thanks for reader Bill Curnow for the updated link. Update: 12/24 19:15 GMT by T : Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.

    "With many screen shots, it will walk you through the procedure to enable the XP firewall and downloading the patches without getting infected while doing so. This could be the (free) stocking stuffer that may save Christmas for your folks ;-). Given that its probably to late now to start downloading your favorite Linux distro."

    But if you do have the time and bandwidth, and you're stuck on Windows, a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline. (And if you have time to download 50MB, you have time to grab Damn Small Linux.)

  4. Yet Another Debian-based Distro: Mepis

    Linux · Linuxbusiness · · posted by michael · from the hey-debian,-look,-acpi,-how-about-that dept. · 206 comments
    emgarf writes "Today, on the first anniversary of the MEPIS Project, MEPIS LLC announced the release of MEPIS Linux 2003.10 for Pentium processors. MEPIS Linux is a desktop Linux that is designed for both personal and business users. MEPIS Linux offers a live/installation/recovery CD, advanced automatic hardware configuration, XP/NTFS support, ACPI power management, WiFi support, personal firewall, KDE 3.1.4, OpenOffice 1.1, Mozilla 1.5, and much more."